The Web Security Mailing List

"A sophisticated FBI-produced spyware program has played a crucial
behind-the-scenes role in federal investigations into extortion plots,
terrorist threats and hacker attacks in cases stretching back at least
seven years, newly declassified documents show.

First reported by Wired.com, the software, called a "computer and internet protocol address verifier," or CIPAV,
is designed to infiltrate a target's computer and gather a wide range
of information, which it secretly sends to an FBI server in eastern
Virginia. The FBI's use of the spyware surfaced in 2007 when the bureau
used it to track e-mailed bomb threats against a Washington state high
school to a 15-year-old student.

But the documents released Thursday under the Freedom of Information
Act show the FBI has quietly obtained court authorization to deploy the
CIPAV in a wide variety of cases, ranging from major hacker
investigations, to someone posing as an FBI agent online. Shortly after
its launch, the program became so popular with federal law enforcement
that Justice Department lawyers in Washington warned that overuse of
the novel technique could result in its electronic evidence being
thrown out of court in some cases." - Wired

After reading this article, I am led to believe the following:

The FBI is possibly using 0day web browser vulnerabilities to deploy this.

They are likely using known browser flaws against machines that aren't fully patched.

They may be using intercepting proxies to inject this into HTTP streams of legit sites.